by 安全扫描
OpenClaw
安全
medium confidenceNULL
评估建议
This skill is internally coherent and the bundled Python script is small and readable, but take these precautions before installing or enabling it in production:
- Manually inspect SKILL.md for hidden unicode control characters (the static scanner flagged them). Remove or clarify any suspicious invisible characters.
- Review the included script (scripts/generate_issue_report.py) locally — it is self-contained and only formats user input into Markdown, which appears safe. Verify it does not call...详细分析 ▾
✓ 用途与能力
Name/description match the included files and behavior: a small Python script plus templates that produce Markdown issue reports and severity judgments. No unrelated credentials, binaries, or system-level access are requested.
ℹ 指令范围
SKILL.md only instructs running the included script with the user's description and guiding the user to fill missing fields; it does not request reading system files or contacting external services. Note: the pre-scan detected unicode-control-chars in SKILL.md (possible prompt-injection attempt) and the example shows invoking a shell command with user text — ensure the runtime properly escapes user input to avoid command injection when the agent executes shell commands.
✓ 安装机制
No install spec is provided (instruction-only skill) and included code is small and local. Nothing is downloaded or extracted from external URLs.
✓ 凭证需求
No environment variables, credentials, or config paths are required. The Python script reads only the provided CLI argument and formats a report; it does not access external services or secrets.
✓ 持久化与权限
always:false and no special persistence or elevated privileges requested. The skill does not modify other skills or system-wide configuration.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/30
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install issue-report-generator
镜像加速npx clawhub@latest install issue-report-generator --registry https://cn.longxiaskill.com